Malicious Life Podcast: Hackers vs. Spies - The Stratfor Leaks Part 1

George Friedman and Jeremy Hammond are two very different people: the former is a capitalist middleman, the latter an anarchist-communist hacker. A spy and a hacker; but in certain respects, they’re actually quite similar in what lines they are willing to cross to get to their goal - check it out…

 

About the Host

Ran Levi

Born in Israel in 1975, Malicious Life Podcast host Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.

In 2007, he created the popular Israeli podcast Making History. He is the author of three books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.

About The Malicious Life Podcast

Malicious Life by Cybereason exposes the human and financial powers operating under the surface that make cybercrime what it is today. Malicious Life explores the people and the stories behind the cybersecurity industry and its evolution. Host Ran Levi interviews hackers and industry experts, discussing the hacking culture of the 1970s and 80s, the subsequent rise of viruses in the 1990s and today’s advanced cyber threats.

Malicious Life theme music: ‘Circuits’ by TKMusic, licensed under Creative Commons License. Malicious Life podcast is sponsored and produced by Cybereason.

Transcript

The story you’re about to hear concerns two people: George and Jeremy. In some ways, George and Jeremy are quite similar — in what they do, and what lines they’re willing to cross to do it. But, in most ways, they couldn’t be more opposite. Like, if you mapped out the entire spectrum of humanity, you can just about put one of them on one end of the picture, and the other way on the other side.

Consider, for example, what happened on March 19th and 20th, 2003 — an important day in both of their lives. It was that kind of day for a lot of people, actually, as it would turn out to be an historic date.

George Friedman, for his part, knew that before almost anyone on the planet.

“The war is going to start at 8 tonight,” he told a representative from the New York Times, quietly, from the front seat of his car. He was on his way to meet the reporter at the Hilton hotel in Melbourne, Florida, but things were already moving fast. British B-52s were already in the air and en route to Baghdad, he claimed. And President Bush was going to make an announcement to the nation at 9 pm.

The New York Times reporter — the kind of person you’d expect to be first to hear about such a thing — had no knowledge that a war was about to begin. So, when he arrived at the Hilton before Friedman, he turned on the T.V. in his room and flicked through the news channels. There, too, quote:

“No one was expecting the war to begin immediately. The White House hadn’t asked the networks for TV time. Some correspondents, not to mention Peter Jennings, were heading home. Friedman, ensconced in his climate-controlled sedan on I-95, was claiming to know something the best reporters in Washington didn’t.”

George Friedman felt he knew something that neither the Times, CNN, NBC, nor any other media outlet did, because he often, actually, did.

Friedman was the CEO and founder of a company called “Stratfor.” Stratfor is the kind of thing you’d invent for a spy movie — a private company that sells intelligence. Using a network of informants in government, military and other positions in countries around the world, they aggregate news, rumors and tips to predict global events before they happen. For example, on March 19th, 2003, Friedman had predicted — and promised his many clients — that the United States military was about to suddenly invade the sovereign nation of Iraq. But, quote:

“When 9 p.m. came and went without any new developments, Friedman was troubled. I found him in his new command post at the Hilton, a mauve-and-green room overlooking the ocean with a bedside desk and a high-speed modem. He was pacing, in a T-shirt and shorts, studying maps of U.S. troop deployments and ordering up situation reports from his analysts in Austin. [. . .] He turned to me. ‘Understand that you’re now in a superheated atmosphere,’ he said. ‘There are all kinds of rumors floating around. And one of the players is deliberately feeding us lies.’”

With war, spies and lies floating around the room, the reporter wasn’t certain that they were safe. Then the phone rang. Quote:

“‘Triple A going crazy over Baghdad!’ [. . .] Friedman grabbed the phone. ‘Repeat,’ he commanded. He listened, then informed me that the war had begun. I asked how he knew that, since it still wasn’t on TV. ‘I can’t tell you where that came from,’ he replied. Within minutes, the White House announced that U.S. forces had indeed launched cruise missiles into Baghdad[.]”

George Friedman had made the career-defining, Babe Ruth-style prediction of his life. There was war in Iraq. Stratfor was proven correct.

Just over a dozen hours later, and exactly 1,038.78 miles away, Jeremy Hammond made a big decision of his own. In response to the outbreak of an unjust war, he gathered together nearly 200 of his classmates at Glenbard East High School in Lombard, Illinois. Then, all at once, all 200 or so students got up from class, walked out, and rode the train to join up with other protestors in the center of Chicago.

Jeremy’s childhood

It was an indication of the kind of kid he was — charismatic, motivated, political. But to know Jeremy Hammond requires much more than one simple anecdote, as a journalist from Chicago Magazine learned when, in October, 2007, he visited a gathering of hackers in the back of an old flower shop in Chicago. Quote:

“Flyers advertised it as an event for “free-wheeling free-information free-reproductionistas,” “activists that just want to share resources,” and “militant media makers.” This translated to a mostly male crowd of about 30 or so tech enthusiasts, anarchists, political activists, and Art Institute students, who lounged around on old couches.”

Once everyone was settled, the leader of the meeting stood up and asked a question. “What is the relationship between the work we do with computers, and the work we do in the real world, smashing the system with direct action?” One by one the hackers around the room gave their answers. Then, quote:

When it came time for a 22-year-old named Jeremy Hammond to talk, his blue eyes lit up. “All conflict comes from social inequality and those who use this to their advantage,” Hammond said, growing more impassioned with each word. Citing dependence on oil, overpopulation, and climate change as heralds of the end of comfy first-world capitalism, he continued: “Our civilization is facing a radical, imminent mass change. The alternative to the hierarchical power structure is based on mutual aid and group consensus. As hackers we can learn these systems, manipulate these systems, and shut down these systems if we need to.”

Jeremy was like this even when not amongst fellow hacker revolutionaries. A self-described anarchist-communist — one of those people with big ideas, and no hesitation to tell you about them. And, as one friend described, he “talked so fast it was like his mouth couldn’t keep up with his brain.”

The problem was that Jeremy didn’t just talk about “radical, imminent mass change,” like precocious young people sometimes do. He always went one step further, and put his money where his mouth was.

For example, there was the time he joined up with an environmental activism group called the Rainforest Action Network. As another member explained to Rolling Stone, quote: “[He] wasn’t just anti-capitalist in words; he walked the talk. [. . .] He’d ride this rickety bike all the way across town, probably an hour each way, to attend meetings that would last four or even six hours.” End quote. The worst was when they all went out together. Quote: “We would have a meeting at a restaurant, and Jeremy wouldn’t buy food – he’d eat other people’s leftovers. I’d be sitting there, like, horrified, but he’d just casually walk over to an empty table, grab like half a plate of leftover food and bring it over. He literally lived off the waste of others.” End quote.

If Jeremy were merely being gross in the name of communism, it would’ve been one thing. But he also happened to be one of the most talented hackers in America. So put the politics and the hacking skill together, and what do you get?

Protest Warriors

In 2005, Jeremy turned his attention to a group called Protest Warrior. Protest Warrior was the Tea Party — or, more accurately, The Proud Boys — years before the Tea Party and the Proud Boys: in their own words, quote, “a website created to help arm the liberty-loving silent majority with ammo — ammo that strikes at the intellectual solar plexus of the Left.” End quote. In the early-to-mid-2000s, Protest Warrior made a name for itself by showing up at anti-Iraq War protests and…let’s say…strongly disagreeing…with the crowd.

In January, 2005, Jeremy — with a group that called itself the “Internet Liberation Front” — decided to do something about Protest Warrior. They attacked their web server, stealing contact information and thousands of credit cards along the way.

A co-founder of the group was able to collect forensic evidence, and he turned it in to the FBI the following month. The case was broken by an ex-partner of Hammond’s, who had chat logs where Hammond asked how he could use the stolen cards to donate to the American Civil Liberties Union.

Are you starting to get the picture? With one hand, Jeremy used to refurbish old computers and bikes and gave them to the homeless, and with the other hand, he got into fights with cops at protests, amassing 10 arrests between the ages of 18 and 21. With one hand, he helped save the climate, and with the other, black hat hacking — hacking far right trolls, granted, but hacking and stealing nonetheless. He was an “electronic Robin Hood,” as he put it, for better and for worse.

And so, after the FBI executed a search warrant on his home on March 16th, 2005 — arresting him, and confiscating all his computers and hard drives — he remained unrepentant. Not in a sociopathic way, but righteously so. Stealing credit cards from those far right trolls, he explained to federal agents, quote, “would be helping people under the thought of ‘Let’s steal from the rich to give to the poor.’”

One week before he was to begin his two-year sentence at FCI Greenville, a medium-security prison 250 miles outside of Chicago, a reporter visited him in the trashy little apartment where he was crashing. His friends were throwing him a goodbye party. Quote:

“Spray-painted anarchist symbols covered the walls, as did slogans like “Bomb the System” and “Fuck the New World Order.” Instructions posted next to the front door cautioned what to do if the cops knocked (don’t let them in). [. . .] I found him standing in the kitchen, watching the heavy-metal band in the next room. He was wearing the same drab brown ski hat and paint-splattered black hoodie he always wore.”

They got to talking. Half-cautiously, Jeremy started bragging about a plot that “some friends” were up to — a data breach of a neo-Nazi website. He, of course, wasn’t involved. That would be…a crime.

Jeremy’s radicalization

Initially, when he heard about a hacker collective called “Anonymous,” Jeremy Hammond didn’t take it seriously. The drama, the showmanship — quote, “these weren’t, like, super-voodoo hackers.”

Then, in the Fall of 2010, came, as one co-founder of the Electronic Frontier Foundation put it, “the shot heard around the world.” Over the span of four days, Anonymous members from across the globe combined forces to DDoS the websites of payment companies (Visa, Mastercard, PayPal), politicians (Joseph Lieberman, and two Sarah Palin sites) and more.

It was unprecedented: untold numbers of hackers, with no clue as to one another’s identities, cooperating to disrupt massive corporations. Jeremy Hammond was one of those people who took notice. Quote: “I thought maybe there were people there who recognized who the bigger enemy was and how to fight them.” 

As his interest in the movement grew, he became particularly enamored with a hacker who was working alongside them — codenamed “Sabu” — representing their own group called the “Internet Feds.” Sabu was tough, and street smart. He told tales about his Puerto Rican hacking crew from the ‘90s, and the time he’d spent in jail. And he railed against corporations, government agents, and, especially, the police. As Jeremy told The Rolling Stone, quote:

“He seemed to understand, more than most Anons, what the root of the problem really was. I’d sit in IRC watching these arguments go down – just stupid shit people would say. But there were some people who got to the baseline element and said things like, ‘We must destroy capitalism. We must destroy their systems.’ That interested me.”

On June 19th, 2011, Sabu tweeted out an announcement: the formation of a new cooperation with Anonymous. Quote: “Operation Anti-Security[.] The biggest, unified operation amongst hackers in history. All factions welcome. We are one.” End quote. The tweet linked to a manifesto on PasteBin, where Sabu explained, quote: “Top priority is to steal and leak any classified government information, including email spools and documentation. Prime targets are banks and other high-ranking establishments.”

Jeremy Hammond was on parole — barred from hacking, and any activism at all — but, from what you know of him thus far, do you think that was going to stop him? As he later recalled, when he saw Sabu’s clarion call, there was no doubt. Quote: “It was like call-and-response.”

The ten or so other members that formed AntiSec quickly realized what Jeremy could do. With Sabu as the leader and Jeremy as the key man, Operation Anti-Security — “AntiSec” — became an almost unstoppable force.

They leaked information about a U.S. Department of Homeland Security cyberterrorism defense program, a Colombian paramilitary organization, and Viacom. They exposed private information — including phone numbers, social security numbers, passwords and more — for members of the Arizona state police. Using SQL injection attacks they shut down, overtook or leaked data from websites belonging to the governments of Anguilla, Brazil, Tunisia and Zimbabwe. And all those attacks? That’s just what they did in the first two weeks after they first got together.

Leaked Emails

AntiSec had successfully hacked dozens and dozens of law enforcement agencies by November, 2011, when, according to one member, an individual outside of the group approached Sabu. The individual was not known to anyone within AntiSec, but they came with an interesting tip — about a security hole in the website of a secretive intelligence agency called “Strategic Forecasting Inc.” Sabu handed the info to Hammond.

When they hacked the websites of corporations and law enforcement agencies, Hammond and AntiSec liked to use SQL injections. Put simply, they’d identify a means of communicating with a web app’s database — for example, a login page — but, instead of sending login data, they’d send code with their own, malicious commands. SQL injection was a quick way to gain low-level access to sites — enough to, say, replace a homepage with a trolling message.

In poking around, though, Hammond found more. For one thing, because the firm provided a subscription service to customers, they were storing credit card data. They did so in a single database, in plaintext. Taking it was almost as easy as hitting right-click and “export.” Hammond forwarded tens of thousands of card numbers, and their associated data, to a server that Sabu had offered him.

And then there was the email system. “We in business baby,” he wrote to an AntiSec team member, adding, quote, “time to feast upon their spools.” End quote. With root access, he could now see every single email that went in and out of the firm. “They’re so done now,” the other hacker replied. “Yeah it’s over with,” Jeremy wrote. “I think they’ll just give up after this goes down.”

He was ecstatic, and not just because of a hack well done — also because, as millions of emails rolled in, something very important was becoming clear.

Remember what happened in the back of an old flower shop on the Lower West Side of Chicago. A 22 year-old Jeremy Hammond stood up and announced, before a group of fellow hacktivists, what he believed to be the central issue with society: “all conflict,” he said, “comes from social inequality and those who use this to their advantage.”

As part of AntiSec, Jeremy hacked a lot of those organizations that he believed represented the evils of capitalism. But if ever there was one that so thoroughly represented the antithesis of his very being, it was Strategic Forecasting Inc. — “Stratfor,” for short.

Stratfor

George Friedman — the war-forecasting founder and CEO of Stratfor — might have created an immoral or otherwise harmful company by happenstance. In the early days, at least — growing up, as a student, then as a university professor — all he really wanted was what any seven year-old boy wants: to be James Bond.

It wasn’t just that his singular passion in life was intelligence, or that he studied political theory, worked with the Pentagon on early computerized war games, and wrote textbooks about military conflicts. It’s the pure, childlike wonder with which he approached the work. One little anecdote he told The New York Times sums it up best. It occurred during a research excursion he took while working as a professor in the early 90s.

“We went to Slovakia,” he told the reporter, “and we were meeting with Hungarian dissidents. One of them slides into a booth across from me and says, ‘I think I’m being followed.’” Friedman didn’t freak out or run — he wasn’t nervous at all. In fact, he recalled being thrilled. Quote: “This is wonderful! It’s like a 1930’s movie.”

With the help of a former Russian army colonel, Friedman founded Stratfor in 1996. Stratfor is built upon a network of informants from around the world — sometimes regular civilians, sometimes very high-ranking officials on Wall Street, in board rooms, and in governments and militaries especially. “‘I’ll give you a range,’” Friedman explained to the Times. “A senior commander, the head of one of the services of a NATO member, communicates with us continually. Down at the other end, I just got an e-mail from somebody at Fort Hood who’s an enlisted man. And they are everywhere in between.” End quote. If you think he’s exaggerating, you’re wrong — one individual who’s since been revealed to have been a Stratfor source for three years is the former prime minister of my country, Benjamin Netanyahu.

All of these sources feed info to Friedman and his Russian sidekick, who organize it all into a newsletter with the help of dozens of employees, and interns from the University of Texas at Austin, near their offices. Counted among their hundreds of thousands of subscribers are Fortune 500 companies, governments and militaries, among many others.

At least, that’s what happens above board.

As Jeremy Hammond siphoned five million emails from Stratfor’s servers to Sabu’s, he might have noticed ample evidence of Stratfor’s shadier, more serious business: spying on activists for corporations.

Take, as a pretty ordinary case, an email from a Senior Manager at Coca-Cola. 

“Hi Anya, 

Thanks again for your help with respect to the Korean Peninsula situation. We are now looking at PETA and the potential for protests at the Vancouver Olympics and related events. (Please see the following questions below.) We’d like to schedule a time for a conference call with you and/or your analyst(s) on this topic.

— How many PETA supporters are there in Canada?

— How many of these are inclined toward activism?

— To what extent will US-based PETA supporters travel to Canada to support activism?”

The email goes on like this. At the bottom, there’s an automatic signature that reads: “Coca-Cola: LIVE POSITIVELY.”

Anya forwarded the email to Fred Burton, a VP at the company. “The FBI has a classified investigation on PETA operatives,” he replied. “I’ll see what I can uncover.”

Stratfor did this kind of work for the biggest U.S. defense companies — Lockheed Martin, Raytheon and Northrop Grumman. When activists were seeking compensation for the 1984 Bhopal Disaster — the industrial accident in Bhopal, India that some consider worse than Chernobyl, having killed over 16,000 people and injured over 500,000 — Stratfor stepped in to provide intelligence for Dow Chemical. Stratfor regularly monitored Julian Assange — employees wrote in internal emails that he’d “make a nice bride in prison,” and how they hoped to have him “waterboarded.” Perhaps Stratfor’s most prolific work was on behalf of U.S. law enforcement — including the Department of Homeland Security — spying on members of the Occupy Wall Street movement.

Some of what Stratfor did wasn’t just immoral, it was patently illegal.

Consider the role they have in the financial sector. Stratfor’s informants include insiders from important geopolitical and financial organizations. Stratfor often pays their best informants — thousands of dollars a month, in some cases. They then pass on information to investors, who try to profit off of it. This isn’t just theoretical — Stratfor’s reports have had real, measurable influence on the world. From The Times, quote:

“In at least one instance leading up to the war, for example, Stratfor moved the financial markets all by itself when it reported that a Russian envoy was en route to Baghdad to negotiate peace with the Iraqis. That sent the Dow into a spasm of momentary optimism. [T]raders aren’t the only ones who have taken note. [. . .] Immediately after the U.S. invasion, Friedman began holding early-morning conference calls, six days a week, with hundreds of traders at Wall Street’s biggest firms.”

When investors trade on selective, non-public information like this, we call it insider trading.

Friedman is well aware of this. In an internal memo from August, 2011 he wrote of how, quote, “We are retaining a law firm to create a policy for Stratfor on the Foreign Corrupt Practices Act. I don’t plan to do the perp walk and I don’t want anyone here doing it either.” End quote. When journalists pressed Stratfor about their practices, the company deflected. Quote: “Having had our property stolen, we will not be victimized twice by submitting to questioning about them.” 

In most ways, George Friedman and Jeremy Hammond couldn’t be more opposite. Like, if you mapped out the entire spectrum of humanity, you can put George — the government-intelligence, capitalist middleman — on one end of the picture, and Jeremy — the bike-riding, environmentalist, anarchist-communist hacker — way on the other side.

But in certain respects, they’re actually quite similar. Hammond will go as far as necessary — hacking sensitive databases, even stealing credit cards from civilians — to achieve his politically-motivated goals. Friedman operates in a different medium, but he’s no more reserved about doing whatever’s necessary.

Friedman was the spy, Hammond the hacker. In the end — if you put all the personality quirks and the politics aside — the most important difference between the two of them is this: one of them does what they do for the powers that be, and the other against. And so, when Jeremy and his Anonymous buddies publicly leaked Stratfor’s internal data via Wikileaks, George had the kinds of friends in high places who could help him out.  

But when everybody teamed up to take down Jeremy, the young hacker did not enjoy that same luxury.